Ssl_requirement, https, webrick and ruby


#1

My Rails application passwords were travelling over the network as
plain-text. Maybe the users wouldn’t like it (I surely wouldn’t), so I
decided to use some kind of encryption.

I have done my little research and found the ssl_requirement Rails
plugin and installed it. But when I try to access a secured page, I
can’t establish a connection to the server. I thought this would be
because my development webserver (webrick) wasn’t supporting
HTTPS/SSL.

What I really want to have is a server-independent way of having HTTPS
support (i.e. I don’t want to have to reconfigure when I switch
servers). For the time being, I am trying to edit my script/server to
start a ssl-enabled webrick instead of the default one. But I can’t
get it done because of a failure with the openssl library.

So now I am struggling with Rails and Webrick to get them speaking
HTTPS. Seems like webrick supports it (at least it is advertised on
theirpage), but when I try

require ‘webrick/https’

I get the following error:

LoadError: no such file to load – openssl

Seems like the openssl library should have been installed with Ruby,
but it wasn’t. This seems to be a known bug (I found a bug report on
the rubyforge Ruby tracker). I have tried to manually install the ruby
pki library (which includes openssl), but the download link on their
page is broken for me.

Any thoughts on this? Can I enable SSL support on webrick without all
this script/server hackery? Also, are there any other options that
would give me an acceptable security level without all this SSL stuff?

Cheers,

Thiago A.